Comments and answers for "TLS mutual auth at an API level"https://developer.ibm.com/answers/questions/464390/tls-mutual-auth-at-an-api-level.html
The latest comments and answers for the question "TLS mutual auth at an API level"Answer by kshkhannahttps://developer.ibm.com/answers/answers/503078/view.html
Did the Mutual TLS in APIC work as expected, i am also facing the issues as mentioned above, could someone please help me how to get it setup (overall and through postman) if possible.
Many Thanks in advance!Tue, 30 Apr 2019 08:38:30 GMTkshkhannaAnswer by rlokesh26https://developer.ibm.com/answers/answers/486037/view.html
Apologies the comment just above this one was added by me but with a different Id. I will try to merge my accounts :)Mon, 24 Dec 2018 15:52:25 GMTrlokesh26Answer by 21YN_Lokesh_Kumarhttps://developer.ibm.com/answers/answers/486035/view.html
We had a response on the PMR raised for this. The suggestion to use the same GW service for mutual and server side TLS was to either use SNI, which invariably calls for separate DNS names or set the TLS profile to server side TLS (turn off request cert) and enable application authentication for specific APIs that require mutual auth. The moment you turn off the request cert option, you could only use the cert sent in header option. Passing the certificate in the header is not true TLS mutual auth but just a cert string compare way down in the processing. So we chose using a different GW service instead (with same host but different port).Mon, 24 Dec 2018 15:46:17 GMT21YN_Lokesh_KumarAnswer by mj90https://developer.ibm.com/answers/answers/483502/view.html
I am facing the same problem any update on this ???Tue, 04 Dec 2018 14:11:29 GMTmj90Answer by jrhuerga2018https://developer.ibm.com/answers/answers/476521/view.html
I am experiencing as well the same problem. I have tried to use the parameters "--key" and "--cert" to make in curl a TLS call, but I am always getting the same error (Application is not using mutual TLS). I tried as well to make a call passing the whole x509 in a line (using \n separators) under the header X-IBM-Client-Id but with no luck.Sun, 21 Oct 2018 17:08:23 GMTjrhuerga2018Answer by rlokesh26https://developer.ibm.com/answers/answers/464965/view.html
Thank you for the response.
Our understanding is that turning on "authenticate application" feature at an API level would mean the same as turning on mutual auth in the front TLS profile.
Pls check the point 15.e in the link [Infocenter Link][1]
[1]: https://www.ibm.com/support/knowledgecenter/en/SSMNED_5.0.0/com.ibm.apic.toolkit.doc/task_apionprem_creating_apis.html
We also have a PMR open for the same. Let me know if our understanding is incorrect.Thu, 16 Aug 2018 08:40:41 GMTrlokesh26Answer by DShutehttps://developer.ibm.com/answers/answers/464808/view.html
Your gateway TLS config would seem not to ask client for cert. So why would client ever send cert as part of mutual auth if nothing is asking for it. Where is mutual TLS configured?Wed, 15 Aug 2018 12:29:16 GMTDShute